https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191218
--- Comment #5 from yaneurab...@gmail.com ---
(In reply to Xin LI from comment #4)
> (In reply to yaneurabeya from comment #3)
> > (In reply to Xin LI from comment #2)
> > > Exporting subdirectories of a mountpoint is problematic and this is a well
> > > known limitation of the protocol. I don't consider this as a security issue
> > > because the administrator is supposed to know what they are doing.
> >
> > The security concern was over the fact that mountd is clearly reporting an
> > error in the code, but hiding the fact that it's actually an error; unless
> > the administrator is looking for errors from mountd, they have absolutely
> > _no_ idea that the path is actually exported.
>
> mountd has (correctly) reported that it was unable to change the export
> attributes, we could, of course, use a better error message, but if the
> administrator chooses to ignore error messages, there is nothing we can do
> with it.
>
> Also, exporting subdirectories just plain doesn't work because the NFS
> client can still request anything in the mountpoint. A properly implemented
> client does not allow it but an attacker does not have to use a properly
> implemented one. This is well known and relying on this security model is
> just plain wrong.

I forgot to include the fact that localhost:/tmp/bar was mounted to /mnt; this was implied in my reproduction steps.

/tmp/foo and /tmp/bar are two distinct paths. Why is /tmp/foo being exported if it's not showing up in showmount -e? Yes, I know that I've been playing in Linux for a little too long (9 months), and looking back I'm not using the prescribed syntax for exports(5), but I expected the code to not export /tmp/bar and it did.

(posing the question differently) As a sysadmin/support engineer, how could I understand that mountd has actually exported the directory if the tools that should be doing this (showmount -e) don't print out anything meaningful?